ABSTRACT

This paper focuses on service function chaining in a network. Currently, middlebox
placement in a network and packet steering through middleboxes are the two main problems
associated with chaining services in a network, also known as service function chaining. We propose
a One Pass Packet Steering (OPPS) method for use in multi-subscriber environments with the goal of
reducing the total amount of time it takes for users and services to connect. We show a
proof-of-concept implementation using simulations performed with Mininet. According to our findings, the end-to-end
delay of subscribers utilizing different sets of policy chains with the same middle boxes and a fixed 
topology remains roughly the same. Software-Defined Networking, or SDN for short, is a new way 
of networking that gives a controller and its applications the all-powerful ability to see the whole 
network and program it in any way they want. This makes it possible for new innovations in network 
protocols and applications. SDN's logically centralized control plane, which gives visibility to the 
entire network and is used by many SDN applications, is one of its main benefits. We propose new 
SDN-specific attack vectors that seriously challenge this foundation, a first in the literature. While 
the spirit of our new attacks is somewhat similar to that of spoofing attacks in legacy networks, such 
as the ARP poisoning attack, there are significant differences in how unique vulnerabilities are 
exploited and how current SDN differs from legacy networks. 

Keywords: SDN; Packet steering; Middlebox; Policy chain; One Pass Packet Steering (OPPS); Data 
Center; Control plane; Data plane; Tenant; SDN performance. 


1. INTRODUCTION 

1.1 SOFTWARE DEFINED NETWORKS 

By separating the control plane from the data plane (e.g., switches), Software-Defined Networking 
(SDN) has emerged as a new network paradigm to innovate the ossified network infrastructure, 
providing holistic network visibility and flexible programmability. An SDN controller, the network's
brain, gives users a great design and control tool. The project is shared equally by the first two authors. 
the controller's core services by employing their own applications on top of the network. SDN, 
particularly its well-known implementation OpenFlow, has been increasingly utilized not only in
academic settings but also in real-world production networks. Since then, numerous application 
scenarios, including campus network innovation, cloud network virtualization, and data center 
network optimization, have been studied and implemented. Since the controller is the heart of the 
SDN architecture, if the OpenFlow controller has a serious design or implementation flaw, the entire
network would be in chaos or even completely under the control of the attackers. 

1.2 ONE PASS PACKET STEERING 

By quickly directing packets to their intended destinations without having to examine them multiple 
times, one pass packet steering improves performance and reduces latency in network packet 
processing. Traditionally, the classification, filtering, and forwarding of packets are just a few of the 
stages that make up packet processing. The inspection and processing of the packet at each stage can 
lead to an increase in latency and a decrease in performance. With one pass packet steering, packets
are classified and filtered once and afterward directed to their intended destinations without any
additional handling. Using cutting-edge packet processing hardware and software that can carry out
these operations in real time makes this method feasible. One-pass packet steering can boost 
throughput, reduce latency, and improve network performance by reducing the number of times a 
packet is inspected and processed. This can be especially useful in high-speed network environments 
like data centers, where delivering services and applications requires low latency and high throughput. 
Overall, modern networking software and hardware frequently employ one pass packet steering, 
which is a crucial method for reducing latency and improving network performance. 

1.3 SHORTEST PATH ON SDN ENVIRONMENT 

The gap between Internet service provider (ISP) costs and revenues is widening as residential 
broadband consumption rises rapidly. Meanwhile, the proliferation of Internet-enabled devices is
congesting access networks, degrading end-user experience, and affecting content provider
monetization. Using open APIs supported by software defined networking (SDN), we propose a new
model in which the content provider explicitly signals to the ISP on a per-flow basis the requirements 
for the fast and slow lane. Our first contribution is the creation of an architecture to support this model 
and the presentation of arguments demonstrating how this is advantageous to content providers (fine- 
grained control over peering arrangement), ISPs (two-sided revenue), and consumers (better user 
experience). Our second contribution is to evaluate our proposal using a real trace of more than ten 
million flows. This demonstrates that the use of dynamic fast lanes can almost completely eliminate 
degradation in video flow quality and that the use of slow lanes for bulk transfers can greatly improve 
load times on websites. Our third contribution is to create a fully operational prototype of our system 
by utilizing instrumented video/file transfer servers, open-source SDN components (OpenFlow
switches and POX controller modules), to demonstrate the approach's viability and performance 
advantages. Open and agile access network service quality management that is acceptable to users, 
ISPs, and content providers is the long-term objective of our proposal, which is a first step in that 
direction. 


2. LITERATURE REVIEW 

2.1 TRICKLE: A SELF-REGULATING ALGORITHM FOR CODE PROPAGATION AND 
MAINTENANCE IN WIRELESS SENSOR NETWORKS 

Trickle, an algorithm for distributing and maintaining code updates in wireless sensor networks, is 
what we present here. Trickle employs a "polite gossip" policy, employing methods from the 
epidemic/gossip, scalable multicast, and wireless broadcast literature. This means that motes 
periodically broadcast a code summary to their neighbors but remain silent if they have recently heard 
a summary that is identical to theirs. A mote broadcasts an update whenever it hears a summary that 
is older than its own. The algorithm regulates the send rate so that each mote only receives a trickle 
of packets, just enough to stay current, rather than flooding a network with packets. Trickle can 
propagate new code in a matter of seconds, scale to thousand-fold changes in network density, and 
impose a maintenance cost of a few sends per hour, as demonstrated by our demonstration of this 
straightforward mechanism. 

2.2 DATA DISCOVERY AND DISSEMINATION WITH DIP 

We present DIP, a wireless network data discovery and dissemination protocol. Overheads in 
previous methods, like Trickle and SPIN, scale linearly with the number of data items. DIP can use 
O(log(T)) packets to identify new items for T items while maintaining an O(1) detection latency. DIP 
employs a hybrid strategy of randomized scanning and tree-based directed searches in order to 
achieve this performance across a broad range of network configurations. DIP outperforms both in 
terms of transmission speed and performance by dynamically selecting which of the two algorithms 
to use. DIP sends 20-60% fewer packets than existing protocols and can be 200% faster, all while 
requiring only O(log(log(T))) of additional state per data item, according to simulation and testbed
experiments. 

2.3 TINYECC: A CONFIGURABLE LIBRARY FOR ELLIPTIC CURVE
CRYPTOGRAPHY IN WIRELESS SENSOR NETWORKS 

In traditional networks like the Internet, Public Key Cryptography (PKC) has served as the enabling 
technology for numerous security services and protocols. One of the most effective types of PKC, 
elliptic curve cryptography (ECC), is being studied for use in wireless sensor networks to support 
PKC in sensor network applications and enable the utilization of existing PKC-based solutions. 
TinyECC, a configurable library for ECC operations in wireless sensor networks, is the subject of 
this paper's design, implementation, and evaluation. TinyECC's primary goal is to offer a ready-to- 
use, publicly accessible software package for ECC-based PKC operations that can be easily 
configured and incorporated into sensor network applications. TinyECC provides a number of 
optimization switches that developers can use to turn on or off particular optimizations. TinyECC 
developers have a lot of leeway when it comes to integrating it into sensor network applications 
because different combinations of the optimizations have different execution times and resource 
consumptions. The experimental evaluation of TinyECC on several common sensor platforms, 
including MICAz, Tmote Sky, and Imote2, is also reported in this paper.

2.4 DHV: A CODE CONSISTENCY MAINTENANCE PROTOCOL FOR MULTI-HOP 
WIRELESS SENSOR NETWORKS 

In dynamic, unreliable multi-hop sensor networks, it is challenging to ensure that each sensor node 
has the same code version. The network may not function as intended when nodes have different code 
versions, resulting in time and effort wastage. We propose and evaluate DHV, a practical protocol for 
maintaining code consistency so that every network node will eventually have the same code. The 
straightforward observation that two code versions frequently differ only by a small number of the 
least significant bits of their binary representation is the foundation of DHV. To detect a more recent
code version in the network, DHV enables nodes to carefully select and transmit only the necessary
bit-level information. DHV can detect version differences in O(1) messages and latency, compared with
the logarithmic scale of current protocols.

2.5 EFFICIENT AND SECURE SOURCE AUTHENTICATION FOR MULTICAST 

Source authentication, which enables recipients of multicast data to verify that the received data 
originated with the claimed source and was not altered in transit, is one of the main challenges in 
securing multicast communication. In common situations where lost packets are not retransmitted 
and other data receivers are not trusted, the issue becomes more complex. For multicast, a number of 
source authentication methods have been proposed, but none of them are effective enough in all 
important parameters. TESLA, a highly effective method that relies on the sender's delayed release 
of keys after initial loose time synchronization, was recently proposed by us. TESLA is the subject 
of several substantial changes and enhancements proposed in this paper. In contrast to TESLA, which 
requires buffering packets on the receiver side and only provides delayed authentication, one 
modification enables receivers to authenticate the majority of packets as soon as they arrive. 


3. EXPERIMENTAL METHODS OR METHODOLOGY 


[Figure labels: Allocation of Traffic Across Multiple Routing Paths; Characterizing the Impact of
Poisoning; Effect of Jammer Mobility on Network]

Fig 1. Allocation of Traffic Across Multiple Routing Paths

4. EXISTING SYSTEM

Source authentication, which enables recipients of multicast data to verify that the received data 
originated with the claimed source and was not altered in transit, is one of the main challenges in 
securing multicast communication. In common situations where lost packets are not retransmitted 
and other data receivers are not trusted, the issue becomes more complex. For multicast, a number of 
source authentication methods have been proposed, but none of them are effective enough in all 
important parameters. TESLA, a highly effective method that relies on the sender's delayed release 
of keys after initial loose time synchronization, was recently proposed by us. TESLA is the subject 
of several substantial changes and enhancements proposed in this paper. In contrast to TESLA, which 
requires buffering packets on the receiver side and only provides delayed authentication, one 
modification enables receivers to authenticate the majority of packets as soon as they arrive. 


5. PROPOSED SYSTEM 

In the work we propose, we call for modifying middleboxes so that the OPPS module takes over the 
implementation of particular middlebox actions based on the middlebox category. We assume that 
our middlebox island does not experience packet fragmentation in order to simplify the objectives. A 
cluster of only middleboxes in a network is referred to as a middlebox island by us. Middleboxes are 
also assumed to be aware of the newly added fields. modules that make up OPPS. The system's core 
modules are discussed in the following sections. We investigate potential defense strategies for 
TopoGuard (Topology Guard) in order to mitigate such attacks. We note that it is difficult to simply 
use static configuration to solve the issue—similar to using a static ARP entry for hosts or the port 
security feature for switches to combat ARP poisoning attacks—because this method necessitates 
time-consuming and error-prone manual labor and is not suitable for managing network dynamics— 
a valuable SDN innovation. In this project, we propose TopoGuard, a new security extension to the 
existing VM OpenFlow controllers that provides automatic and real-time detection of Virtual 
Machine exploitation to better balance security and usability. TopoGuard prevents the Host Location 
Hijacking Attack and the Link Fabrication Attack by utilizing SDN-specific features to check the 
legitimacy of host migration and switch port property. 
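
A simplified model of the two checks named above (legitimacy of host migration and switch port property), added here as an illustration in Python; it is not TopoGuard's Floodlight code. It assumes a migration is legitimate only when a Port-Down was seen at the old location and the host no longer answers there, and that a port which has carried host traffic must not originate LLDP. The event names, the `probe` hook and the trace are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

ANY, HOST, SWITCH = "ANY", "HOST", "SWITCH"  # port properties (names assumed)

@dataclass
class TopologyGuard:
    # Hypothetical hook: probe(mac, port) is True if the host still answers there.
    probe: Callable[[str, tuple], bool]
    port_type: dict = field(default_factory=dict)  # (dpid, port) -> property
    host_loc: dict = field(default_factory=dict)   # mac -> (dpid, port)
    went_down: set = field(default_factory=set)    # ports with a Port-Down seen
    alerts: list = field(default_factory=list)

    def on_port_down(self, port):
        self.port_type[port] = ANY  # whatever was attached may have changed
        self.went_down.add(port)

    def on_lldp(self, port):
        # Switch port property: a port already seen carrying host traffic must not source LLDP.
        if self.port_type.get(port, ANY) == HOST:
            self.alerts.append(("link-fabrication", port))
            return False            # do not add a link learned from this port
        self.port_type[port] = SWITCH
        return True

    def on_host_packet(self, mac, port):
        if self.port_type.get(port, ANY) == SWITCH:
            return True             # transit traffic, not a location update
        old = self.host_loc.get(mac)
        # Legitimate move: old port went down first AND host no longer answers there.
        if old not in (None, port) and (old not in self.went_down or self.probe(mac, old)):
            self.alerts.append(("host-location-hijack", mac, port))
            return False            # keep the existing binding
        self.port_type[port] = HOST
        self.host_loc[mac] = port
        self.went_down.discard(port)
        return True

# Constructed event trace (not captured traffic).
VICTIM, ROGUE = "00:00:00:00:00:01", "00:00:00:00:00:02"
EVENTS = [
    ("host_packet", VICTIM, ("s1", 1)),  # victim first seen
    ("lldp", ("s1", 3)),                 # genuine inter-switch port
    ("host_packet", VICTIM, ("s2", 2)),  # victim's MAC claimed elsewhere, no Port-Down
    ("host_packet", ROGUE, ("s2", 2)),   # ordinary host traffic marks s2:2 as HOST
    ("lldp", ("s2", 2)),                 # LLDP arriving from a host port
    ("port_down", ("s1", 1)),            # victim really unplugs ...
    ("host_packet", VICTIM, ("s3", 4)),  # ... and reappears: accepted
]

def replay(events, probe=lambda mac, port: False):
    guard = TopologyGuard(probe)
    for kind, *args in events:
        getattr(guard, "on_" + kind)(*args)
    return guard

if __name__ == "__main__":
    print(replay(EVENTS).alerts)
```

Passing a `probe` that returns True models a host that still answers at its old port, in which case the final move in the trace is rejected as well.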

5.1 ALLOCATION OF TRAFFIC ACROSS MULTIPLE ROUTING PATHS 

In the case of a lossy network flow optimization problem, this module is used to distribute traffic 
across multiple routing paths. Using portfolio selection theory, we convert the optimization problem 
into the asset allocation problem by allowing individual network nodes to locally characterize the 
impact of the incident and aggregate this data for the source nodes. On the SDN/OpenFlow Topology 
Management Service, we carry out the initial security assessment. In particular, we have found new
vulnerabilities in the Device Tracking Service and Link Discovery Service of eight mainstream
SDN/VM OpenFlow controllers.


Fig 2. Allocation of Traffic Across Multiple Routing Paths 

5.2 CHARACTERIZING THE IMPACT OF POISONING

The network nodes in this module estimate and describe the impact of poisoning, and a source node
uses these estimates to allocate traffic. It is necessary to estimate the impact of poisoning on
transmissions over each link in order for a source node to incorporate the impact of poisoning into the
traffic allocation problem. However, the local estimates must be continuously updated in order to 
capture the jammer's mobility and the dynamic effects of the poison attack. To take advantage of the 
flaws we've discovered, we propose Virtual Machine Poisoning Attacks. In both a hardware SDN 
testbed and the Netbeans emulation environment, we demonstrate the viability of those attacks. 

5.3 EFFECT OF JAMMER MOBILITY ON NETWORK 

In this module, the capacity indicates the maximum number of items that can be transferred over the
wireless link using min/max scheduling. When the source is producing data at a high packet delivery
rate, it should be transmitted at the appropriate time for interference to occur. At that point, the
throughput rate is lower. The traffic allocation can be altered if the source node becomes aware of
this effect, resulting in a low delivery ratio on each path and restoring the damaged path.

5.4 EVALUATING END-TO-END SUCCESS RATES FOR PACKETS

In order to determine the most effective traffic allocation, the source must estimate the effective
end-to-end packet success rate for the links in a routing path, assuming that the total amount of time it
takes to transport packets from each source to the appropriate destination is minimal in comparison
to the update relay period. TopoGuard, a prototype defense system that is currently implemented in
Floodlight but could be easily extended to other controllers, is part of our investigation into the
defense space and includes automatic mitigation strategies for Virtual Machine Poisoning Attacks.
Our assessment shows that TopoGuard imposes only a negligible performance overhead.


6. EXPERIMENTAL SETUP 

The functions of the owner, user, and sensor node of the network are carried out by programs that use
the data hash chain method to put TopoGuard SDN into action.

The user-side program of TopoGuard now has the following new features: the creation of the signature
packet and all data packets, the data hash chain for a round of dissemination data, and based on
TopoGuard SDN's design.

Based on the verify function and the Link Fabrication attack hash function, we implement the
verification function for data and signature packets. Also, in our experiment, when a laptop computer
disseminates data, it first sends it to a repeater, which is a specific sensor node in the network, via the
serial port. The repeater then uses TopoGuard SDN to carry out the dissemination on the user's behalf.


Table 6.1: Running Time for each phase of the basic protocol of TopoGuard SDN
(Except the Sensor node verification phase)

                             System           The certificate generation            IP-Link Fabrication
                             Initialization   (i.e., signing a 20 byte message)     Attacks
Time (CPU = 1.8 GHz) (us)    1608.0           1576.31                               634.8
Time (CPU = 2. GHz) (us)     1111.3           1092.12                               435.4
Time (CPU = 3.1 GHz) (us)    931.1            915.18                                372.3

7. CONCLUSION

The Poisoning Network routing has been developed in such a structured manner which is reducing
the traffic further development. The coding is done in a simplified manner so that it is more
understandable and flexible. We evaluate the effect of varying network and protocol parameters in
order to observe the performance trends using the poison-aware traffic allocation formulation. In
particular, we are interested in the effect of the update relay period and the maximum number of
routing paths on the performance of the flow allocation. In order to compare trials with different
update times or numbers of paths, we average the simulated results over each simulation run, yielding
a single. We simulate a small-scale network similar to that in while varying network and protocol
parameters in order to observe performance trends are made for further developments.